<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security, branch release/6.0.0_cvs</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=release%2F6.0.0_cvs</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=release%2F6.0.0_cvs'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2005-11-03T00:35:26Z</updated>
<entry>
<title>This commit was manufactured by cvs2svn to create tag</title>
<updated>2005-11-03T00:35:26Z</updated>
<author>
<name>cvs2svn</name>
<email>cvs2svn@FreeBSD.org</email>
</author>
<published>2005-11-03T00:35:26Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3640cb54210edbb7edbf1b12ef0127ecfcea967d'/>
<id>urn:sha1:3640cb54210edbb7edbf1b12ef0127ecfcea967d</id>
<content type='text'>
'RELENG_6_0_0_RELEASE'.

This commit was manufactured to restore the state of the 6.0-RELEASE image.
</content>
</entry>
<entry>
<title>Merge init_main.c:1.258, mac_vfs.c:1.110, mac_biba.c:1.89,</title>
<updated>2005-10-05T10:31:05Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2005-10-05T10:31:05Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=85822579e31e6c6ba3cf0f8eb5d15a6e32798d9c'/>
<id>urn:sha1:85822579e31e6c6ba3cf0f8eb5d15a6e32798d9c</id>
<content type='text'>
mac_lomac.c:1.37, mac_mls.c:1.74, mac_stub.c:1.55, mac_test.c:1.62,
mac.h:1.69, mac_policy.h:1.70 from HEAD to RELENG_6:

  Remove mac_create_root_mount() and mpo_create_root_mount(), which
  provided access to the root file system before the start of the
  init process.  This was used briefly by SEBSD before it knew about
  preloading data in the loader, and using that method to gain
  access to data earlier results in fewer inconsistencies in the
  approach.  Policy modules still have access to the root file system
  creation event through the mac_create_mount() entry point.

  Removed now, and will be removed from RELENG_6, in order to gain
  third party policy dependencies on the entry point for the lifetime
  of the 6.x branch.

  Obtained from: TrustedBSD Project
  Submitted by:  Chris Vance &lt;Christopher dot Vance at SPARTA dot com&gt;

Approved by:	re (scottl)
</content>
</entry>
<entry>
<title>MFC:</title>
<updated>2005-09-26T14:36:54Z</updated>
<author>
<name>Poul-Henning Kamp</name>
<email>phk@FreeBSD.org</email>
</author>
<published>2005-09-26T14:36:54Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=02eb92cc0eb8efadf6e5fc5ac65a45a8b92d15bc'/>
<id>urn:sha1:02eb92cc0eb8efadf6e5fc5ac65a45a8b92d15bc</id>
<content type='text'>
	DEVFS fixes of many sorts.

Approved by:	re@ (scottl)
</content>
</entry>
<entry>
<title>MFC: (1.26) Fixing a regression introduced in rev1.25 by honouring the errno.</title>
<updated>2005-08-17T14:35:20Z</updated>
<author>
<name>Tai-hwa Liang</name>
<email>avatar@FreeBSD.org</email>
</author>
<published>2005-08-17T14:35:20Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=8f684ddd5f843c0553a80ae14d20b617d0cf73bc'/>
<id>urn:sha1:8f684ddd5f843c0553a80ae14d20b617d0cf73bc</id>
<content type='text'>
This should stop 'ugidfw list' from complaining about "Data error in
security.mac.bsdextended.rules.N: Unknown error: 0" if there is a "hole"
within the rule set.

Approved by:	re (hrs)
</content>
</entry>
<entry>
<title>Merge two sets of changes relating to devfs device node cloning from</title>
<updated>2005-08-13T21:24:18Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2005-08-13T21:24:18Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=7e993ff3bc9140ccccc23d520316c214cdad4ac2'/>
<id>urn:sha1:7e993ff3bc9140ccccc23d520316c214cdad4ac2</id>
<content type='text'>
HEAD to RELENG_6: changes to introduce a credentialed version of the
clone event handler, and then changes to merge the regular and
credentialed versions into a single interface (along with updates to
existing consumers).  With this merge, 6.x and 7.x are in sync.

First batch merges devfs_devs.c:1.37, devfs_vnops.c:1.115,
kern_conf.c:1.187, tty_pty.c:1.138, mac_vfs.c:1.109, mac_biba.c:1.36,
mac_lomac.c:1.36, mac_mls.c:1.73, mac_stub.c:1.53, mac_test.c:1.61,
conf.h:1.223, mac.h:1.68, mac_policy.h:1.67 from HEAD to RELENG_6:

  When devfs cloning takes place, provide access to the credential of the
  process that caused the clone event to take place for the device driver
  creating the device.  This allows cloned device drivers to adapt the
  device node based on security aspects of the process, such as the uid,
  gid, and MAC label.

  - Add a cred reference to struct cdev, so that when a device node is
    instantiated as a vnode, the cloning credential can be exposed to
    MAC.

  - Add make_dev_cred(), a version of make_dev() that additionally
    accepts the credential to stick in the struct cdev.  Implement it and
    make_dev() in terms of a back-end make_dev_credv().

  - Add a new event handler, dev_clone_cred, which can be registered to
    receive the credential instead of dev_clone, if desired.

  - Modify the MAC entry point mac_create_devfs_device() to accept an
    optional credential pointer (may be NULL), so that MAC policies can
    inspect and act on the label or other elements of the credential
    when initializing the skeleton device protections.

  - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
    so that the pty clone credential is exposed to the MAC Framework.

  While currently primarily focussed on MAC policies, this change is also
  a prerequisite for changes to allow ptys to be instantiated with the UID
  of the process looking up the pty.  This requires further changes to the
  pty driver -- in particular, to immediately recycle pty nodes on last
  close so that the credential-related state can be recreated on next
  lookup.

  Submitted by:   Andrew Reisse &lt;andrew.reisse@sparta.com&gt;
  Obtained from:  TrustedBSD Project
  Sponsored by:   SPAWAR, SPARTA

Second batch merges scsi_target.c:1.68, coda_fbsd.c:1.43,
firewirereg.h:1.38, fwdev.c:1.47, nmdm.c:1.36, snp.c:1.100, dsp.c:1.82,
mixer.c:1.45, vkbd.c:1.9, devfs_vnops.c:1.117, tty_pty.c:1.139,
tty_tty.c:1.57, bpf.c:1.156, if_tap.c:1.56, if_tun.c:1.153,
smb_dev.c:1.28, conf.h:1.224 from HEAD to RELENG_6:

  Merge the dev_clone and dev_clone_cred event handlers into a single
  event handler, dev_clone, which accepts a credential argument.
  Implementors of the event can ignore it if they're not interested,
  and most do.  This avoids having multiple event handler types and
  fall-back/precedence logic in devfs.

  This changes the kernel API for /dev cloning, and may affect third
  party packages containing cloning kernel modules.

  Requested by:   phk

These changes modify the kernel device driver API for device cloning,
and might require minor modifications to third party device drivers that
make use of devfs cloning.  It will not be merged to RELENG_5.

Approved by:	re (scottl)
</content>
</entry>
<entry>
<title>Merge mac_stub.c:1.54 from HEAD to RELENG_6:</title>
<updated>2005-07-25T09:45:24Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2005-07-25T09:45:24Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=92c22a55fe94b97a19f3d7b2c0fdeab757dbcad3'/>
<id>urn:sha1:92c22a55fe94b97a19f3d7b2c0fdeab757dbcad3</id>
<content type='text'>
  Remove duplicate initialization of mpo_create_stub pointer.

  PR:             83779
  Submitted by:   Wojciech A. Koszek &lt;dunstan at freebsd dot czest dot pl&gt;

Approved by:	re (kensmith)
</content>
</entry>
<entry>
<title>This commit was manufactured by cvs2svn to create branch 'RELENG_6'.</title>
<updated>2005-07-11T04:14:43Z</updated>
<author>
<name>cvs2svn</name>
<email>cvs2svn@FreeBSD.org</email>
</author>
<published>2005-07-11T04:14:43Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=6ac68e81ff340e851cccd941b1ed36e2391039d9'/>
<id>urn:sha1:6ac68e81ff340e851cccd941b1ed36e2391039d9</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is</title>
<updated>2005-07-05T23:39:51Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2005-07-05T23:39:51Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3c308b091fa7576dfb1b4dc97220d0ee02bdec4e'/>
<id>urn:sha1:3c308b091fa7576dfb1b4dc97220d0ee02bdec4e</id>
<content type='text'>
redundant with respect to existing mbuf copy label routines.  Expose
a new mac_copy_mbuf() routine at the top end of the Framework and
use that; use the existing mpo_copy_mbuf_label() routine on the
bottom end.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, SPAWAR
Approved by:	re (scottl)
</content>
</entry>
<entry>
<title>Add MAC Framework and MAC policy entry point mac_check_socket_create(),</title>
<updated>2005-07-05T22:49:10Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2005-07-05T22:49:10Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=6758f88ea476f8a5d8c956d2b4ab41a2c0aa6bd6'/>
<id>urn:sha1:6758f88ea476f8a5d8c956d2b4ab41a2c0aa6bd6</id>
<content type='text'>
which is invoked from socket() and socketpair(), permitting MAC
policy modules to control the creation of sockets by domain, type, and
protocol.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA, SPAWAR
Approved by:	re (scottl)
Requested by:	SCC
</content>
</entry>
<entry>
<title>Correct grammar error in comment</title>
<updated>2005-06-10T04:44:38Z</updated>
<author>
<name>Christian S.J. Peron</name>
<email>csjp@FreeBSD.org</email>
</author>
<published>2005-06-10T04:44:38Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=578994bbd73c7fd0630b13d89c23ca1f7fcb4f71'/>
<id>urn:sha1:578994bbd73c7fd0630b13d89c23ca1f7fcb4f71</id>
<content type='text'>
MFC after:	3 days
</content>
</entry>
</feed>
